On Fri, Jun 05, 2020 at 10:29:56AM +1000, Herbert Xu wrote:
> On Fri, Jun 05, 2020 at 10:28:58AM +1000, Herbert Xu wrote:
> >
> > Hmm, the selection list doesn't include CTR so just adding SEQIV
> > per se makes no sense. I'm not certain that we really want to
> > include every algorithm under the sun. Steffen, what do you think?
>
> Or how about
>
> select CRYPTO_SEQIV if CRYPTO_CTR
>
> That would make more sense.
>
> Cheers,
There's also a case where "seqiv" is used without counter mode:
net/xfrm/xfrm_algo.c:
{
.name = "rfc7539esp(chacha20,poly1305)",
.uinfo = {
.aead = {
.geniv = "seqiv",
.icv_truncbits = 128,
}
},
.pfkey_supported = 0,
},
FWIW, we make CONFIG_FS_ENCRYPTION select only the algorithms that we consider
the "default", and any "non-default" algorithms need to be explicitly enabled.
Is something similar going on here with INET_ESP and INET_ESP6? Should "seqiv"
be considered a "default" for IPsec?
- Eric
